Guarantee-Based Access Control

New Web technologies, such as the semantic Web and the social Web, have changed the way services and information are accessed. These new technologies allow more usable and interoperable services to be realized. They help service providers to reach more individuals. Automatic service discovery and invocation can also benefit from these technologies.Unfortunately, several threats to security, privacy, and trust come along with these benefits. For example, making services interoperable increases the chance of profiling individuals, which constitutes a privacy threat. Security measures, such as access control, should handle the potential threats of opening previously encapsulated Web services.We present a new access-control model, guarantee-based access control (GBAC). The new model constructs certificates based on guarantees rather than attributes. These guarantees are then used as the basis for access-control decisions. The model also permits access rights to be based on a set of individuals in a particular structured relationship. Thus, GBAC resists threats to individuals´ privacy, such as profiling, whether access decisions are based on the participation of one or more individuals. The model suits the open nature of new Web technologies.